One of the things we’re building is a PayPal competitor–with a modest target of having a few hundred million customers. Everything in India is always on a massive scale. If you could get rid of PayPal passwords, and instead just have a fingerprint–if you could pay for goods at a store with just your fingerprint, that would simplify people’s lives a lot. It would also have the secondary effect of saving some of the security problems, like phishing, that we currently encounter. And this government database is a huge enabler.

If we already have a mandate to collect everybody’s fingerprints, why not use it in the customer’s benefit? The privacy risk is always there. That’s the law and I can’t argue with that. But if the law is already creating this risk, why not create opportunity in the same step?

Nohl’s BadUSB attack, which he revealed at the Black Hat security conference in August, takes advantage of the fact that a USB controller chip’s firmware can be reprogrammed. That means a thumb drive’s controller chip itself, rather than the Flash storage on that memory stick, can be infected with malware that invisibly spreads to computers, corrupts files stored on the drive, or quietly begins impersonating a USB keyboard to type commands on the victim’s machine.

…
Nohl says that means combatting BadUSB will require device-makers to clearly label the chips their products use. “You’d never get away with this in a laptop. People would go crazy if they bought a computer and it wasn’t the chip they saw in the review they read,” he says. “It’s just these USB devices that come as black boxes.”